我正在尝试通过 C#使用webapi创建登录身份验证令牌,并使用 PostMan
对其进行了测试这就是我所做的 C#webapi
这是我的 startup.cs
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Web;
using System.Web.Http;
using Microsoft.Owin.Cors;
using DBSecurityTest.Controllers;
[assembly: OwinStartup(typeof(DBSecurityTest.Startup))]
namespace DBSecurityTest
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var myProvider = new MyAuthProvider();
OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = myProvider
};
app.UseOAuthAuthorizationServer(options);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
}
}
MyAuthProvider
using Microsoft.Owin.Security.OAuth;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using DBSecurityTest.Models;
namespace DBSecurityTest.Controllers
{
public class MyAuthProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
DBSecurityTestEntities DBST = new DBSecurityTestEntities();
var userdata = DBST.EF_UserLogin(context.UserName, context.Password).FirstOrDefault();
if (userdata != null)
{
identity.AddClaim(new Claim(ClaimTypes.Role, userdata.UserRole));
identity.AddClaim(new Claim(ClaimTypes.Name, userdata.UserName));
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "Provided username and password is incorrect");
context.Rejected();
}
}
}
}
WebApiConfig
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using Microsoft.Owin.Cors;
using System.Web.Http.Cors;
namespace DBSecurityTest
{
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
EnableCorsAttribute cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
}
我已经如下创建了 database 查询:
use [DBSecurityTest]
CREATE TABLE [dbo].[UserLogin](
[Id] [int] IDENTITY(1,1) NOT NULL,
[UserName] [varchar](50) NULL,
[UserPassword] [varchar](50) NULL,
[UserEmail] [varchar](50) NULL,
[UserRole] [varchar](50) NULL,
CONSTRAINT [PK_UserLogin] PRIMARY KEY CLUSTERED
(
[Id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
-- insert data in table
insert into UserLogin(UserName,UserPassword,UserEmail,UserRole)
values ('admin','123456','admin@gmail.com','admin')
-- create store procedure
Create PROCEDURE [dbo].[EF_UserLogin]
@UserName varchar(50)=null,
@UserPassword varchar(50)=null
AS
BEGIN
SET NOCOUNT ON;
SELECT UserName,UserPassword,UserEmail,UserRole from UserLogin where UserName=@UserName and UserPassword=@UserPassword
END
我已经添加了 ADO.Net模型
错误是我在调试Api时无法通过 Postman 测试令牌。
我的邮递员配置如下:
POST,/令牌
我选择Body和x.www-form-urlencoded
错误自带 {“错误”:“ unsupported_grant_type”}
是邮递员配置错误还是与C#api代码有关?
答案 0 :(得分:1)
您是否为此编写了控制器? 我想您错过了 controller (控制器),因为它存储参数并处理它。您声明的方式似乎在 C#WebApi 后端没有处理。
我想您可以从这里参考一些视频: https://www.youtube.com/watch?v=BZnmhyZzKgs
谢谢。
答案 1 :(得分:0)
这与您的请求有关,当您使用Postman发送请求时,应传递一个名为Grant_type的参数。
OAuth框架为不同的用例指定了几种授权类型,以及用于创建新的授权类型的框架。
以下列出了最常见的OAuth授予类型。
有关更多信息,请阅读OAuth Grant Types。